Regulations for the use of IT Facilities and Systems
The following is a very brief summary of the main points of the IT Regulations. You are expected to be familiar with the full regulations, which are available here.
Don’t break the law, do abide by Regulations, Policies and Guidelines and do observe the regulations of any third parties whose facilities you access.
Don’t allow anyone else to use your IT credentials, don’t disguise your online identity and don’t attempt to obtain or use anyone else’s.
Don’t put the institution’s IT facilities at risk by introducing malware, interfering with hardware or loading unauthorised software.
Safeguard personal data, respect other people’s information and don’t abuse copyright material. Remember that mobile devices may not be a secure way to handle information.
Don’t waste IT resources, interfere with others’ legitimate use of IT resources or behave towards others in a way that would not be acceptable in the physical world.
The aim of these regulations is to help ensure that Aberystwyth University’s (AU) IT facilities can be used safely, lawfully and equitably.
The issues covered by these regulations are complex and you are strongly urged to read the more detailed guidance available here.
1.1 These regulations apply to anyone using the IT facilities (hardware, software, data, network access, third party services, online services or IT credentials) provided or arranged by AU.
2.1 When using IT, you remain subject to the same laws and regulations as in the physical world.
2.2 It is expected that your conduct is lawful. Furthermore, ignorance of the law is not considered to be an adequate defence for unlawful conduct.
2.3 When accessing services from another jurisdiction, you must abide by all relevant local laws, as well as those applicable to the location of the service.
2.4 You are bound by AU’s general regulations when using the IT facilities.
2.5 You must abide by the regulations applicable to any other organisation whose services you access such as Janet, Eduserv and Jisc Collections. When using services via eduroam, you are subject to both the regulations of AU and the institution where you are accessing services.
2.6 Some software licences procured by AU will set out obligations for the user – these should be adhered to. If you use any software or resources covered by a Chest agreement, you are deemed to have accepted the Eduserv User Acknowledgement of Third Party Rights. (See accompanying guidance for more detail.)
2.7 Breach of any applicable law or third party regulation will be regarded as a breach of these IT regulations.
2.8 Users should be aware that the University has a statutory duty under the Counter-Terrorism and Security Act 2015 and must have due regard to the need to prevent people from being drawn into terrorism.
3.1 These regulations are issued under the authority of the Director of Information Services who is also responsible for their interpretation and enforcement, and who may also delegate such authority to other people.
3.2 You must not use the IT facilities without the permission of the Director of Information Services.
3.3 You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of these regulations. If you feel that any such instructions are unreasonable or are not in support of these regulations, you may appeal to the Director of Information Services.
- Intended Use
4.1 The IT facilities are provided for use in furtherance of the mission of AU for example to support a course of study, research or in connection with your employment by the institution.
4.2 Use of these facilities for personal activities (provided that it does not infringe any of the regulations, and does not interfere with others’ valid use) is permitted, but this is a privilege that may be withdrawn at any point.
4.3 Use of these IT facilities for non-institutional commercial purposes or for personal gain requires the explicit approval of the Director of Information Services.
4.4 Use of certain licences is only permitted for academic use and where applicable to the code of conduct published by the Combined Higher Education Software Team (CHEST): http://www.chest.ac.uk/Chest-Agreements
5.1 You must take all reasonable precautions to safeguard any IT credentials (for example a username and password, email address, Aber Card or other identity hardware) issued to you. You must not allow anyone else to use your IT credentials. No-one has the authority to ask you for your password, and you must not disclose it to anyone.
5.2 You must not attempt to obtain or use anyone else’s credentials.
5.3 You must not impersonate someone else or otherwise disguise your identity when using the IT facilities.
6.1 You must not do anything to jeopardise the integrity of the IT infrastructure by, for example, doing any of the following without approval:
- Damaging, reconfiguring or moving equipment;
- Loading software on AU’s equipment other than in approved circumstances;
- Reconfiguring or connecting equipment to the network other than by approved methods;
- Setting up servers or services on the network;
- Deliberately or recklessly introducing malware;
- Attempting to disrupt or circumvent IT security measures.
7.1 If you handle personal, confidential or sensitive information, you must take all reasonable steps to safeguard it and must observe AU’s Data Protection Policy and Information Security Policy and guidance, particularly with regard to removable media, mobile and privately owned devices.
7.2 You must not infringe copyright, or break the terms of licences for software or other material.
7.3 You must not attempt to access, delete, modify or disclose information belonging to other people without their permission, or explicit approval from the Director of Information Services.
7.4 You must not create,download, store or transmit:
- unlawful material
- material that is indecent, offensive, threatening or discriminatory
- material that promotes hostility, prejudice or hatred, particularly that based on disability, race, religion, transgender identity or sexual orientation
- extremism-related material with the intention of supporting, advocating or spreading terrorism
AU has procedures to approve and manage valid activities, such as authorized research, involving such material. Further details can be provided by Information Services on request.
8.1 Real world standards of behaviour apply online and on social networking platforms, such as Facebook, Blogger and Twitter.
8.2 You must not cause needless offence, concern or annoyance to others.
8.3 You should also adhere to AU’s guidelines on social media.
8.4 You must not send spam (unsolicited bulk email).
8.5 You must not deliberately or recklessly consume excessive IT resources such as processing power, bandwidth or consumables.
8.6 You must not use the IT facilities in a way that interferes with others’ valid use of them.
9.1 AU monitors and records the use of its IT facilities for the purposes of:
- the effective and efficient planning and operation of the IT facilities
- detection and prevention of infringement of these regulations
- investigation of alleged misconduct
- retrieving, in the absence the relevant member of staff or student, e-mail or other electronic documents which are important for the University’s continuity of its business
9.2 AU will comply with lawful and reasonable requests for information from government and law enforcement agencies.
9.3 You must not attempt to monitor the use of the IT facilities without explicit authority.
10.1 Infringing these regulations may result in sanctions under the institution’s disciplinary processes:
Staff - https://www.aber.ac.uk/en/hr/policy-and-procedure/
Students - https://www.aber.ac.uk/en/regulations/student-rules-regs/
10.2 Penalties may include withdrawal of services and/or fines. Offending material will be taken down.
10.3 Information about infringement may be passed to appropriate law enforcement agencies, and any other organisations whose regulations you have breached.
10.4 AU reserves the right to recover from you any costs incurred as a result of your infringement.
10.5 You must inform the Director of Information Services or their nominee if you become aware of any infringement of these regulations.
These Regulations are maintained by Jonathan Davies, were last reviewed in November 2017 and are due for review in November 2018